Bug #1967
closedosmo-sim-auth: NoneType exception with AUTN generated from OP
50%
Description
Take a brand new sysmoUSIM and attempt a UMTS authentication using osmo-sim-auth and a card reader.
The USIM database has an OPC that works, but on our sysmoUSIM, there's actually an OP.
Using the OP and KI from the card, the result is an exception without sensible error message; transcript follows.
two issues:
a) does osmo-auc-gen produce proper AUTN from OP? If not, create a new issue and fix it.
b) osmo-sim-auth should reply with a useful error message.
Updated by neels about 7 years ago
transcript:
▶ ./sysmo-usim-tool.sjs1.py -a 94736127 -o sysmoUSIM-SJS1 parameterization tool Copyright (c)2017 Sysmocom s.f.m.c. GmbH Initializing smartcard terminal... * Terminal: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00 * Protocol: 1 Reading OP/C value... * Initalizing... * Authenticating at card as administrator... * Reading... * Current OPc setting: OP: 0x0 OP/OPc: $OP Done! ▶ osmo-auc-gen -3 -a milenage -k 46F5C2A19D2CC186A971D5015D4CCDBF -O $OP osmo-auc-gen (C) 2011-2012 by Harald Welte This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY WARNING: We're using really weak random numbers! RAND: c204ba0b40a32653156bf463d7a5276a AUTN: 49be6a6a168500006d59b40ab98709e8 [...] ▶ ./osmo-sim-auth.py -r c204ba0b40a32653156bf463d7a5276a -a 49be6a6a168500006d59b40ab98709e8 [+] UICC AID found: found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0) [+] USIM AID selection succeeded Testing USIM card with IMSI 901700000014702 UMTS Authentication Traceback (most recent call last): File "./osmo-sim-auth.py", line 114, in <module> handle_usim(options, rand_bin, autn_bin) File "./osmo-sim-auth.py", line 44, in handle_usim if len(ret) == 1: TypeError: object of type 'NoneType' has no len()
Adding some aggressive debug output, I get:
▶ ./osmo-sim-auth.py -r c204ba0b40a32653156bf463d7a5276a -a 49be6a6a168500006d59b40ab98709e8 [+] UICC AID found: found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0) [+] USIM AID selection succeeded Testing USIM card with IMSI 901700000014702 UMTS Authentication Authenticating with '3G' [+] authentication error: ['INTERNAL AUTHENTICATE apdu: 00 88 00 81 22 10 C2 04 BA 0B 40 A3 26 53 15 6B F4 63 D7 A5 27 6A 10 49 BE 6A 6A 16 85 00 00 6D 59 B4 0A B9 87 09 E8', 'sw1, sw2: 98 62 - undefined status', (152, 98), []] ret = None Traceback (most recent call last): File "./osmo-sim-auth.py", line 115, in <module> handle_usim(options, rand_bin, autn_bin) File "./osmo-sim-auth.py", line 45, in handle_usim if len(ret) == 1: TypeError: object of type 'NoneType' has no len()
Updated by laforge over 5 years ago
- Assignee set to dexter
- Priority changed from Normal to Low
Updated by dexter about 5 years ago
The method authenticate() may return None in some error cases, this leads into the exception since we use len() to to check the return code further. I have added a check for that now:
https://gerrit.osmocom.org/#/c/osmo-sim-auth/+/12684 Check return code of u.authenticate()
I also get SW: 98 62, but I have difficulties to get smart out of this since I do not know whats the best way to verify the output of osmo-auc-gen.
Updated by laforge over 4 years ago
- Priority changed from Low to Normal
- the ticket shouldn't be new/0% if thre's already a patch in review (and most likely merged) for 10 months.
I also get SW: 98 62, but I have difficulties to get smart out of this since I do not know whats the best way to verify the output of osmo-auc-gen.
I'm not sure what you mean by "how to verify the output of osmo-auc-gen". What do you mean exactly? Do you have doubts that the output of osmo-auc-gen might not be correct?
Updated by dexter about 4 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 50
I have tried it now with OP and OPc, in both cases it works. Here is the output of my card:
$ osmo-auc-gen -3 -a milenage -k FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -O FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF osmo-auc-gen (C) 2011-2012 by Harald Welte This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY RAND: f38b69944da57fa6b7f20f5de9f9b9db AUTN: 3be4918719640000fc55166f4eb8c32e IK: e13d79c701e1a0b7fc02dd13a87663cb CK: b2f435e99b7d06ad08190ff6ba36a4be RES: 9129fd749b5d7681 SRES: 0a748bf5 Kc: a7d29ecb88dc616f SQN: 32 IND: 0 $ ./osmo-sim-auth.py -r f38b69944da57fa6b7f20f5de9f9b9db -a 3be4918719640000fc55166f4eb8c32e [+] UICC AID found: found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0) [+] USIM AID selection succeeded Testing USIM card with IMSI 4100600000115151515 UMTS Authentication AUTS: db729b5eb6c901cc2303a4f00ac1 GSM Authentication SRES: 37590885 Kc: 411a8e9038c28000
To me everything looks fine.
Updated by laforge about 4 years ago
- Status changed from In Progress to Rejected